Lock it Down – Small Business and Cybersecurity

in Your Business

In light of current events, the likelihood of serious cyberattacks on the corporate community are a serious concern – and just because your business is a small one, don’t believe for a moment that cybercriminals aren’t lurking. It’s estimated that over 47% of attacks happen to businesses with fewer than 100 employees1 – and nearly 60% of new firms that are victimized go out of business within 6 months of the attack.2 When you stop to think about it, it makes sense: newer and smaller businesses often lack the security tools and protocol necessary to protect valuable data…which makes them an easy target.

But don’t despair; there are several steps you can take now to ensure a safer cyber-future:

Tools of the trade

An effective firewall is a great place to start. In addition to the typical external firewall, many companies are starting to install internal ones as well to provide additional layers of protection. If you have employees who work from home, they should also install a firewall on their home network. Because of its importance to the security of your data, consider providing the necessary firewall software and support for home networks.

 In our current “work from home” environment, where more and more employees use their personal devices as well as company-provided ones, you need to have policies in place to ensure their safe usage. Virtual private networks (VPN), password protection and other security measures like antivirus software for these devices are vital if they’re used in conjunction with your company platforms.

What’s the password?

While we’re on the subject of passwords, nobody likes to continually change them, but it’s necessary because they’re the most commonly exploited link in the security chain. Make sure that a set schedule (with reasonable frequency) is in place to reset passwords and encourage that employees use more complex number/letter/symbol configurations to promote greater security. Additionally, using the multi-factor identification settings on most major network and email products is easy to use and provides an extra layer of protection.

Skip the phishing expedition

Phishing is every bit as common (and perhaps more) with small businesses as large ones. And even though you may provide training so that all your employees understand this threat, it only takes a moment’s inattention – and inadvertent clicking of a link – to let malware in. According to CISCO’s 2021 Cybersecurity Threat Trends report, about 90% of data breaches occur due to phishing. Studies have also noted that the peak time for attacks was the holiday season (roughly from October to January), with an almost 50% jump – most likely due to the increase in online shopping and delivery. To prevent honest mistakes from compromising your IT infrastructure, good anti-malware software is a vital tool for every device that is used in your company. It’s well worth the cost to have this added insurance.

Always have a backup

Ultimately, though, no matter how sophisticated or thorough your security systems may be, the possibility of attack is always there. For that reason, it’s vitally important that all critical company documents, including financials, are securely backed up – in other words, be sure to create a reasonable amount of redundancy in your systems. These precautions will also protect you in the event of natural disasters, from flooding to fires or intense storms. For some businesses, this can be as simple as using flash drives or external hard drives. Today, the most common answer to the ever-increasing storage so many companies need is to use a cloud-based solution. Regardless of what you choose, be sure to monitor your backup regularly to be certain that it is retaining your information properly.

The biggest problem with cybersecurity? The best practices to try and keep up with a moving target like cybercrime are constantly changing. The “bad guys” never stop looking for new and better ways to attack their prey. What works for companies today might be totally inefficient six months from now. New small businesses need to constantly be aware of what’s happening in terms of cyberattacks in general (The Center for Strategic and International Studies3 offers a comprehensive accounting of significant breaches, for example) and the tools that are being created to counter them. In a very real sense, the future of your business depends on understanding your online enemies and having effective defenses against them.

1Research conducted by the National Cyber Security Alliance 2021

230 Surprising Small Business Cybersecurity Statistics (2021) Fundera

3https://www.csis.org/programs/technology-policy-program/significant-cyber-incidents